» gu.exe
Overview
Analysis
File Details
Downloads (2)

gu.exe

UBISOFT ENTERTAINMENT INC.

File name:

gu.exe

Publisher:

UBISOFT ENTERTAINMENT INC. (signed and verified)

MD5:

540ba34f6eb9a8baf32742abc04dc03b

SHA-1:

63d03b436e9ae956f057d6a51d3fdfb3b602895e

SHA-256:

448f3f974851c6162a60e8564008ea41d53f1ae9c75e2e357b14aebc09c88816

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 2:42:49 PM UTC (today)

File size:

604.6 KB (619,144 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\steam\steamapps\downloading\33220\src\system\gu.exe

Digital Signature

Signed by:

UBISOFT ENTERTAINMENT INC.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

7/8/2009 5:00:00 PM

Valid to:

7/14/2010 4:59:59 PM

Subject:

CN=UBISOFT ENTERTAINMENT INC., OU=UBI.COM, O=UBISOFT ENTERTAINMENT INC., L=montreal, S=quebec, C=CA

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

321DD26858C4234388B79E66C3A44BF8

File PE Metadata

Compilation timestamp:

1/18/2008 10:52:20 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:VCm9cF1znWpgnKv2EyOvjkM/SPVyH9ImSyQktlhHZCcpn47nKIWcGwHEgRyqGL+o:VCmogjL5Cc2hPoDvBclPlwnRK0k+Sw

Entry address:

0x516BC

Entry point:

E8, A9, D9, 00, 00, E9, 16, FE, FF, FF, FF, 35, 5C, 1F, 49, 00, E8, E2, 71, 00, 00, 85, C0, 59, 74, 02, FF, D0, 6A, 19, E8, 94, A0, 00, 00, 6A, 01, 6A, 00, E8, 74, 42, 00, 00, 83, C4, 0C, E9, 79, 41, 00, 00, E8, 0E, 74, 00, 00, 8B, 48, 6C, 3B, 0D, D0, E8, 48, 00, 74, 10, 8B, 0D, EC, E7, 48, 00, 85, 48, 70, 75, 05, E8, 6C, AE, 00, 00, A1, E0, DB, 48, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2... 
[+]

Entropy:

6.4410

Code size:

460 KB (471,040 bytes)

The file gu.exe has been seen being distributed by the following 2 URLs.

http://s10651.chomikuj.pl/File.aspx?e=iYnUi2soUfTW4RcuDzFR_R7xVUfCJDZVYdmRXe3rLq-Qwk8IoHdd0hdckXCSlC2MoAzFACXNYC107wiHEnqCN7l3jENlU3YFQWY-gvPUJN6ttD3yYUmT_X-geZRtKjmvzE8iycMX2gFBZydEnDNNzCpXS7MGrgUcsySMPaqimUA&pv=2

http://revpx16.chomikuj.pl/.../File.aspx?e=iYnUi2soUfTW4RcuDzFR_R7xVUfCJDZVYdmRXe3rLq_nA_zNFHJXilbxRsnk3F45VX7swKFrQYILIq_QYIDfFKgM2RVsSkABgabktqaAFOYC5Mr6x3SF_Zg4qa9OkSrvmPmQfiQSy7kxWDqbscJVuJFDhFQ1VVzjFgIc7xqOxjI&pv=2

Scan gu.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.